[Git][security-tracker-team/security-tracker][master] automatic update

Wed, 07 Nov 2018 00:11:00 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c341d348 by security tracker role at 2018-11-07T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,24 @@
-CVE-2018-19052 [potential path traversal with specific configs]
+CVE-2018-19055
+       RESERVED
+CVE-2018-19054
+       RESERVED
+CVE-2018-19053 (PbootCMS 1.2.2 allows remote attackers to execute arbitrary 
PHP code by ...)
+       TODO: check
+CVE-2018-19051 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword 
abt_type ...)
+       TODO: check
+CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword 
langset ...)
+       TODO: check
+CVE-2018-19049
+       RESERVED
+CVE-2017-18351
+       RESERVED
+CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in 
mod_alias.c in ...)
        - lighttpd <unfixed>
        NOTE: 
https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
 CVE-2018-19048
        RESERVED
-CVE-2018-19047
-       RESERVED
+CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web 
application ...)
+       TODO: check
 CVE-2018-19046
        RESERVED
 CVE-2018-19045
@@ -4518,8 +4532,7 @@ CVE-2018-17188
        RESERVED
 CVE-2018-17187
        RESERVED
-CVE-2018-17186
-       RESERVED
+CVE-2018-17186 (An administrator with workflow definition entitlements can use 
DTD to ...)
        NOT-FOR-US: Apache Syncope
 CVE-2018-17185
        RESERVED
@@ -10690,8 +10703,7 @@ CVE-2018-14681 (An issue was discovered in 
kwajd_read_headers in mspack/kwajd.c
        - libmspack 0.7-1 (bug #904799)
        NOTE: 
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
-CVE-2018-14667 [Expression Language injection via UserResource allows for 
unauthenticated remote code execution]
-       RESERVED
+CVE-2018-14667 (The RichFaces Framework 3.X through 3.3.4 is vulnerable to 
Expression ...)
        NOT-FOR-US: RichFaces
 CVE-2018-14666
        RESERVED
@@ -16565,16 +16577,16 @@ CVE-2018-12417
        RESERVED
 CVE-2018-12416
        RESERVED
-CVE-2018-12415
-       RESERVED
-CVE-2018-12414
-       RESERVED
-CVE-2018-12413
-       RESERVED
-CVE-2018-12412
-       RESERVED
-CVE-2018-12411
-       RESERVED
+CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO 
Software ...)
+       TODO: check
+CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure 
Routing Daemon ...)
+       TODO: check
+CVE-2018-12413 (The Schema repository server (tibschemad) component of TIBCO 
Software ...)
+       TODO: check
+CVE-2018-12412 (The realm server (tibrealmserver) component of TIBCO Software 
Inc. ...)
+       TODO: check
+CVE-2018-12411 (The administrative daemon (tibdgadmind) of TIBCO Software 
Inc.'s TIBCO ...)
+       TODO: check
 CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire 
Statistics ...)
        NOT-FOR-US: TIBCO
 CVE-2018-12409



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c341d348f8f63a11875da5671ab604afdd6f018e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c341d348f8f63a11875da5671ab604afdd6f018e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to